package cn.tedu.jdbc;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Scanner;

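/**
 * Console login demo that uses a precompiled (parameterized) SQL statement.
 *
 * <p>The username and password are bound through {@code ?} placeholders, so they are sent to
 * the database as data and never become part of the SQL text. This is what prevents SQL
 * injection here.
 *
 * <p>NOTE(review): the query compares the {@code password} column directly with the typed
 * value, which implies the table holds passwords in a directly comparable form (presumably
 * plaintext; confirm against the schema). Parameter binding does not protect stored
 * credentials. A production login should store a salted, slow password hash
 * (bcrypt/scrypt/Argon2) and verify it in application code.
 */
public class JDBCLogin2 {
    /**
     * Prompts for a username and password on standard input, looks the pair up in
     * {@code userinfo}, and prints either a welcome message with the nickname or a generic
     * failure message.
     *
     * @param args unused
     * @throws RuntimeException wrapping any {@link SQLException} raised while talking to the
     *     database
     */
    public static void main(String[] args) {
        // DBUtil.geConnection() is declared elsewhere in the project; the name is used as spelled there.
        try (Connection connection = DBUtil.geConnection()) {
            // Deliberately not closed: closing the Scanner would also close System.in.
            Scanner scanner = new Scanner(System.in);
            System.out.println("用户名:");
            String username = scanner.nextLine();
            System.out.println("密码:");
            // NOTE(review): Scanner echoes the password to the terminal; System.console().readPassword()
            // avoids that when an interactive console is available.
            String password = scanner.nextLine();

            // Placeholders keep user input out of the SQL text; values are bound below.
            String sql = "SELECT nickname FROM userinfo WHERE username=? AND password=?";

            // Statement and result set are closed explicitly instead of relying on the
            // connection's close to release them.
            try (PreparedStatement ps = connection.prepareStatement(sql)) {
                ps.setString(1, username);
                ps.setString(2, password);
                try (ResultSet r = ps.executeQuery()) {
                    if (r.next()) {
                        String nickname = r.getString("nickname");
                        System.out.println("登陆成功，欢迎您:" + nickname);
                    } else {
                        // One message for both "unknown user" and "wrong password", so the
                        // output does not reveal which usernames exist.
                        System.out.println("用户名或密码错误");
                    }
                }
            }
        } catch (SQLException e) {
            // Keep the cause so the original database error is not lost.
            throw new RuntimeException(e);
        }
    }
}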
